jheysel-r7

51 exploits Active since Sep 2020
CVE-2024-30038 METASPLOIT HIGH ruby WORKING POC
Win32k - Privilege Escalation
Win32k Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-35250 METASPLOIT HIGH ruby WORKING POC
Windows Kernel-Mode Driver - Privilege Escalation
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2022-3699 METASPLOIT HIGH ruby WORKING POC
Lenovo Diagnostics < 4.45.0 - Out-of-Bounds Write
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.
CVSS 7.8
CVE-2023-24955 METASPLOIT HIGH ruby WORKING POC
Microsoft Sharepoint Enterprise Server - Code Injection
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 7.2
CVE-2026-24061 METASPLOIT CRITICAL ruby WORKING POC
GNU Inetutils Telnet Authentication Bypass Exploit CVE-2026-24061
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable.
CVSS 9.8
CVE-2023-33012 METASPLOIT HIGH ruby WORKING POC
Zyxel Usg 20w-vpn Firmware < 5.37 - OS Command Injection
A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.
CVSS 8.8
CVE-2024-27348 METASPLOIT CRITICAL ruby WORKING POC
Apache HugeGraph-Server - Remote Command Execution
RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.
CVSS 9.8
CVE-2022-39952 METASPLOIT CRITICAL ruby WORKING POC
Fortinet FortiNAC keyUpload.jsp arbitrary file write
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
CVSS 9.8
CVE-2022-0824 METASPLOIT HIGH ruby WORKING POC
Webmin < 1.990 - Incorrect Authorization
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.8
CVE-2024-28397 METASPLOIT MEDIUM ruby WORKING POC
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVSS 5.3
CVE-2023-38035 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
CVSS 9.8
CVE-2022-22956 METASPLOIT CRITICAL ruby WORKING POC
Vmware Identity Manager < 9.0 - Authentication Bypass
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.
CVSS 9.8
CVE-2021-1499 METASPLOIT MEDIUM ruby WORKING POC
Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
CVSS 5.3
CVE-2023-4220 METASPLOIT HIGH ruby WORKING POC
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
CVSS 8.1
CVE-2023-47218 METASPLOIT MEDIUM ruby WORKING POC
Qnap Qts < 5.1.5.2645 - Command Injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
CVSS 5.8
CVE-2023-0315 METASPLOIT HIGH ruby WORKING POC
froxlor/froxlor <2.0.8 - Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS 8.8
CVE-2024-56145 METASPLOIT CRITICAL ruby WORKING POC
Craft CMS Twig Template Injection RCE via FTP Templates Path
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
CVSS 9.8
CVE-2023-50386 METASPLOIT HIGH ruby WORKING POC
Apache Solr Backup/Restore APIs RCE
Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API. When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups). If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted. When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries. Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue. In these versions, the following protections have been added: * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader. * The Backup API restricts saving backups to directories that are used in the ClassLoader.
CVSS 8.8
CVE-2023-26067 METASPLOIT HIGH ruby WORKING POC
Lexmark <2023-02-19 - Info Disclosure
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
CVSS 8.1
CVE-2024-2961 METASPLOIT HIGH ruby WORKING POC
GNU C Library <2.39 - Buffer Overflow
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
CVSS 7.3
CVE-2020-2038 METASPLOIT HIGH ruby WORKING POC
Palo Alto Networks Authenticated Remote Code Execution
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
CVSS 7.2
CVE-2023-4911 METASPLOIT HIGH ruby WORKING POC
Glibc Tunables Privilege Escalation CVE-2023-4911 (aka Looney Tunables)
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVSS 7.8
CVE-2022-22960 METASPLOIT HIGH ruby WORKING POC
VMware Workspace ONE Access CVE-2022-22960
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
CVSS 7.8
CVE-2024-21626 METASPLOIT HIGH ruby WORKING POC
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
CVSS 8.6
CVE-2021-3560 METASPLOIT HIGH ruby WORKING POC
polkit - Privilege Escalation
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS 7.8